Hi, I have been dealing with and for the most part continuously removing the rogue Windows security virus. I am still getting Google redirects so I am guessing it has never been fully removed. It has been manageable up until a few days ago when my computer was running extremely slow due to svchost.exe. I restarted the computer and got a blue screen upon start up that said something about a "hard error" several times. I was unable to do anything from that screen so I manually shut down the computer and booted back up. Upon reboot most of my desktop icons all looked the same, and I was unable to open or run anything that was .exe. I could still use IE but several windows popped up, most of them directing me to "Kevins Money Tree". I googled my issue with .exe and after several redirects I was able to get exehelper so I could run several scans. Everything for the most part seems to be cleared up, I'm still having issues with redirects and my default browser starting itself up and going to junk websites. I'm also having issues with svchost.exe as well. I have Windows XP and my task bar and open windows will go back to Windows 98 style when svchost is messing up, my RAM is also being consumed by it as well. Anyhow, here are all of the logs. I have only been able to successfully run GMER once all the way through, other times it stops in the process and my computer is non responsive. I have a log, but it's only the first one.

Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

When I open TDSSKiller it starts up and initializes to 80%, then says it's encountered a problem and needs to close. As for MBAM, I removed everything the first time I scanned. I've also run Windows Malicious Software Removal Tool (current version). I did a quick scan first as suggested and found nothing, so I ran a full scan and still nothing was found. I'll continue trying to run TDSSKiller until I get another response I guess, hopefully I'll have some luck with it.

I use Firefox as my browser, now when I open it regardless of what site I go to a new window will pop up. It alternates back and forth between 2 websites that you can't close out, the first one is channel1reports.com and is a "news story" about people being hired by Google to work from home. If you try to close it out it redirects you to kevinsmoneytree.org which is "his story" about how working from home for Google has made him so much money. A pop up also comes up asking you for $2 after trying to tell you basically that you shouldn't worry about this deal sounding too good to be true, if you try to exit again a different popup with a similar message will come up again asking you for $2, and if you close that one out the whole process starts over and you are back at the same channel1.com news story. Also my computer is running extremely slow and I keep having to reboot to run small programs. This is so annoying and I feel sorry for anyone else that has this, and even more pity for anyone who falls for scams like this.

Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

Double click combofix.exe & follow the prompts.

When finished, it will produce a log. Please save that log to post in your next reply.

Re-enable all the programs that were disabled during the running of ComboFix.

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Hi there, I have no intention of hijacking this thread, but I read it and I have near identical problems. I have a vast array of redirects, both in IE and Firefox. My AVG every now and then spits out a warning that there is malicious software on board, and that it is going to quarantine it to the virus vault. I have (I believe) followed the main scam to a series of executable files that are downloaded to randomly generated C:\WINDOWS\TEMP folders. These then execute through a DOS console that pops up and disappears too quickly for me to do anything about it. SVChost is going mad, also, running sometimes up to 19 copies, and gobbling CPU resources like nothing I've ever seen. Obviously these are serious breaches of security for me, and I worry about everything that is on my computer. Also, when I start XP, a blue screen similar to the CHKDSK screen appears, although in this case it seems to me a false screen which is designed to re-load any malicious software that may have been removed. Are you able to give me some advice on the matter, and if so, which reports do I need to obtain? If you just let me know which programs to download and obtain reports from, then I will do that post haste. Should Anti-Virus be switched off while HijackThis, Malwarebytes etc. are running? It appears I am the most useless type of person of all...one that can describe, but not cure my own problem. I just saw this thread, realised how very similar it was to my own situation, and thought I may be able to 'tag along' for the ride to computing normality. Please take pity on me? Thank you for your time, wisdom and patience...

Update: I downloaded and ran ComboFix. In the middle of running ComboFix there was a popup from ComboFix that said that malicious software was running or something and that my computer needed to reboot. No log file was available so I rebooted and attempted to run again. It seems like running ComboFix dug up whatever issue was buried in my PC because my problem went from annoying to severe. I can't do anything on my PC and I'm sending this from my iPhone. I did a system restore to before I installed ComboFix and it had no effect on slowing the virus down. I cannot run anything on my PC, I click to open something and nothing ever happens. I manually rebooted and this is what I got:

"Checking file system on C:
The type of the file system is NTFS.
The volume is dirty.

CHKDSK"......etc.

It starts to scan but I shut it down before it gets finished. It said it was deleting a bunch of files and kept saying something about $I30 (the "1" is an uppercase "i"). Someone please help me with directions on where to go from here as step by step as possible. I've been without Internet for a week and now that I have it back my PC is crapping on itself.

Are you able to boot into safe mode? If so, try running combofix again in safe mode.
If not, do you have your install CD so we can try a system repair?

I tried to boot in safe mode... It got to the screen where it lists everything before it starts windows and won't go beyond that screen. I can hear the pc loading but nothing happens. I sat there for 30 minutes twice before giving up on it. I'll have to look for the cd, it's been a few years since I've used it.

I don't know if this will help because your case sounds rather complicated, but I had a similar thing happening with redirecting and such on a machine I used a little while ago. After searching for the virus online extensively I eventually found that the main problem in fact wasn't even on my computer itself. My redirects were to more unsavory websites, however it could still be a similar problem.

If we ignore the trojan on your computer for a second (assuming that's what is still there) then we have to fix the redirection problem first, as this can be unrelated to a virus.

Firstly, find any documentation you got when you started buying internet from your current ISP (internet service provider).

Go to your router settings (from memory you type your default setting number into the internet browser, not 100% sure but it should be with your ISP docs) and you'll notice the IP address in there is something different to what it should be. For me, punching the number into google (off a makeshift Linux configured system) told me that all of my internet data was now being redirected through a Russian malware site.

To remedy this, simply change to your default router address. If you can't find one from your ISP, use a website like OpenDNS to grab a safe one to use temporarily. Then reset your router to factory settings and see if you are still getting the redirect problem. If you are it may just be a recurring virus prompt, so NOW run the removal kits and registry cleaners etc. If it is anything like this then the majority of your files should be virus free, I found it was one particular (useless, although I can't remember exactly what it was) system file.

I really hope this helps, it solved the redirection solution for me. Unfortunately the cleaning kits I had used before discovering this problem messed up my registry somehow and the computer was very slow to run, so I ended up saving as much data as possible and getting a new machine. I hope your problem doesn't come to this!

If I remember the site (a blog I think) that helped me so much with this I'll upload it, but no guarantees.
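
Added example, not part of the thread or written by any poster: a Python check for the router-side redirect described in the last post, assuming the altered setting is the DNS server entry. It parses `ipconfig /all` text (IPv4 only) and labels each DNS server; the sample output and the ISP address are constructed placeholders, and `audit_dns` and `EXPECTED_DNS` are hypothetical names.

```python
import ipaddress

# Resolvers this machine is supposed to use. The two OpenDNS addresses are its
# public resolvers; 203.0.113.53 is a constructed stand-in for the ISP's.
EXPECTED_DNS = {"208.67.222.222", "208.67.220.220", "203.0.113.53"}

# Constructed `ipconfig /all` excerpt in Windows XP layout (not from the thread).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.20
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 198.51.100.7
                                            208.67.222.222
        Lease Obtained. . . . . . . . . . : Monday, 10:30:00
"""

def is_ipv4(value):
    try:
        return ipaddress.ip_address(value).version == 4
    except ValueError:
        return False

def parse_ipconfig(text):
    """Return (gateways, dns_servers); handles multi-line IPv4 value lists."""
    gateways, dns, current = [], [], None
    for line in text.splitlines():
        if ":" in line:  # "Label . . . : value" starts a new field
            label, value = line.split(":", 1)
            current = {"Default Gateway": gateways, "DNS Servers": dns}.get(label.strip(" ."))
        else:            # bare line: continuation of the previous field
            value = line
        if current is not None and is_ipv4(value.strip()):
            current.append(value.strip())
    return gateways, dns

def audit_dns(text, expected=EXPECTED_DNS):
    """Label each configured DNS server: expected, router, or unexpected."""
    gateways, dns = parse_ipconfig(text)
    report = {}
    for server in dns:
        if server in expected:
            report[server] = "expected"
        elif server in gateways:
            report[server] = "router"      # PC asks the router; check the router's own DNS setting
        else:
            report[server] = "unexpected"  # investigate before trusting this resolver
    return report

if __name__ == "__main__":
    for server, verdict in audit_dns(SAMPLE_IPCONFIG).items():
        print(f"{server:<16} {verdict}")
```

A `router` verdict means the PC only sees the gateway as its resolver, so the upstream DNS entry has to be read from the router's admin page itself.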